-rw-r--r-- | Puppetfile_extras | 4 | ||||
-rw-r--r-- | manifests/profile/base/gnocchi/api.pp | 4 | ||||
-rw-r--r-- | manifests/profile/base/sshd.pp | 56 | ||||
-rw-r--r-- | releasenotes/notes/sshd-437c531301f458bb.yaml | 4 | ||||
-rw-r--r-- | spec/classes/tripleo_profile_base_gnocchi_api_spec.rb | 101 | ||||
-rw-r--r-- | spec/classes/tripleo_profile_base_sshd_spec.rb | 62 | ||||
-rw-r--r-- | spec/fixtures/hieradata/default.yaml | 2 |
7 files changed, 194 insertions, 39 deletions
diff --git a/Puppetfile_extras b/Puppetfile_extras index 50a9294..10425cc 100644 --- a/Puppetfile_extras +++ b/Puppetfile_extras @@ -36,3 +36,7 @@ mod 'ntp', mod 'systemd', :git => 'https://github.com/camptocamp/puppet-systemd', :ref => 'master' + +mod 'ssh', + :git => 'https://github.com/saz/puppet-ssh', + :ref => 'v3.0.1' diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp index 92431e4..029eb99 100644 --- a/manifests/profile/base/gnocchi/api.pp +++ b/manifests/profile/base/gnocchi/api.pp @@ -96,14 +96,16 @@ class tripleo::profile::base::gnocchi::api ( include ::gnocchi::db::sync } - if $step >= 4 { + if $step >= 3 { include ::gnocchi::api include ::apache::mod::ssl class { '::gnocchi::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, } + } + if $step >= 4 { class { '::gnocchi::storage': coordination_url => join(['redis://:', hiera('gnocchi_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']), } diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp index e7916c1..2b86032 100644 --- a/manifests/profile/base/sshd.pp +++ b/manifests/profile/base/sshd.pp 
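Review bot: The new `mod 'ssh'` entry in Puppetfile_extras pins `:ref => 'v3.0.1'`, which is a git tag, and a tag can be moved upstream after it was reviewed. This module is applied as root and, per the release note in this change, manages sshd_config, so pinning to the reviewed commit is safer: `:ref => '<COMMIT_SHA_FOR_v3.0.1>'` (placeholder), with the tag name kept in a comment. The neighbouring `systemd` entry tracks `master`, which has the same weakness to a larger degree, although that line is only context here.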
@@ -15,47 +15,45 @@ # # == Class: tripleo::profile::base::sshd # -# SSH profile for tripleo +# SSH composable service for TripleO # # === Parameters # # [*bannertext*] -# The text used within SSH Banner +# The text used within /etc/issue and /etc/issue.net # Defaults to hiera('BannerText') # +# [*motd*] +# The text used within SSH Banner +# Defaults to hiera('MOTD') +# class tripleo::profile::base::sshd ( $bannertext = hiera('BannerText', undef), + $motd = hiera('MOTD', undef), ) { - if $bannertext { - $action = 'set' - } else { - $action = 'rm' - } - - package {'openssh-server': - ensure => installed, - } + include ::ssh::server - augeas { 'sshd_config_banner': - context => '/files/etc/ssh/sshd_config', - changes => [ "${action} Banner /etc/issue" ], - notify => Service['sshd'] - } - - file { '/etc/issue': - ensure => file, - backup => false, - content => $bannertext, - owner => 'root', - group => 'root', - mode => '0600' + if $bannertext { + $filelist = [ '/etc/issue', '/etc/issue.net', ] + file { $filelist: + ensure => file, + backup => false, + content => $bannertext, + owner => 'root', + group => 'root', + mode => '0644' + } } - service { 'sshd': - ensure => 'running', - enable => true, - hasstatus => false, - require => Package['openssh-server'], + if $motd { + file { '/etc/motd': + ensure => file, + backup => false, + content => $motd, + owner => 'root', + group => 'root', + mode => '0644' + } } } diff --git a/releasenotes/notes/sshd-437c531301f458bb.yaml b/releasenotes/notes/sshd-437c531301f458bb.yaml index 0086cb0..5997289 100644 --- a/releasenotes/notes/sshd-437c531301f458bb.yaml +++ b/releasenotes/notes/sshd-437c531301f458bb.yaml @@ -1,3 +1,5 @@ --- features: - - Added manifest and template to enable configuration of sshd_config + - Added /etc/issue & /etc/issue.net parameters + - Added MOTD banner parameters + - Added external module saz-ssh to allow management of sshd_config 
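Review bot: Nothing in the new class body sets the sshd `Banner` directive. The removed augeas resource wrote `Banner /etc/issue` into sshd_config, whereas the new code only does `include ::ssh::server` and writes the files, so the pre-login banner is shown over SSH only if `Banner` is supplied through the ssh module's options somewhere outside this diff. If it is not, declare it here when `$bannertext` is set, for example `class { '::ssh::server': options => { 'Banner' => '/etc/issue.net' } }` in place of the bare include. The `[*motd*]` doc line says "The text used within SSH Banner" although the value is written to `/etc/motd`; it should read `# The text used within /etc/motd`. With `$bannertext` unset the old code removed the directive, while the new code leaves any previously deployed `/etc/issue` and `/etc/issue.net` unmanaged, so stale banner text stays on upgraded hosts; the updated spec in spec/classes/tripleo_profile_base_sshd_spec.rb also no longer asserts anything about sshd_config.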
diff --git a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb
new file mode 100644
index 0000000..805a28e
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb
@@ -0,0 +1,101 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::gnocchi::api' do + shared_examples_for 'tripleo::profile::base::gnocchi::api' do + let(:pre_condition) do + "class { '::tripleo::profile::base::gnocchi': step => #{params[:step]}, }" + end + + context 'with step less than 3' do + let(:params) { { :step => 2 } } + + it { + is_expected.to contain_class('tripleo::profile::base::gnocchi::api') + is_expected.to_not contain_class('gnocchi::api') + is_expected.to_not contain_class('gnocchi::wsgi::apache') + } + end + + context 'with step 3 on bootstrap' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + } } + + it { + is_expected.to contain_class('gnocchi::db::sync') + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + } + end + + context 'with step 3' do + let(:params) { { + :step => 3, + } } + + it { + is_expected.to_not contain_class('gnocchi::db::sync') + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + } + end + + # TODO(aschultz): fix profile class to not include hiera look ups in the + # step 4 so we can properly test it + #context 'with step 4' do + # let(:params) { { + # :step => 4, + # } } + # + # it { + # is_expected.to contain_class('gnocchi::api') + # is_expected.to contain_class('gnocchi::wsgi::apache') + # 
is_expected.to contain_class('gnocchi::storage') + # } + #end + # + #context 'with step 5 on bootstrap' do + # let(:params) { { + # :step => 5, + # :bootstrap_node => 'node.example.com' + # } } + # + # it { + # is_expected.to contain_class('gnocchi::api') + # is_expected.to contain_class('gnocchi::wsgi::apache') + # is_expected.to contain_exec('run gnocchi upgrade with storage').with( + # :command => 'gnocchi-upgrade --config-file=/etc/gnocchi/gnocchi.conf', + # :path => ['/usr/bin', '/usr/sbin'] + # ) + # } + #end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::gnocchi::api' + end + end +end diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb index 210b41c..e84a1f5 100644 --- a/spec/classes/tripleo_profile_base_sshd_spec.rb +++ b/spec/classes/tripleo_profile_base_sshd_spec.rb @@ -1,4 +1,4 @@ -# Copyright 2016 Red Hat, Inc. +# Copyright 2017 Red Hat, Inc. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may 
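Review bot: The step 4 and step 5 contexts in the new gnocchi spec are committed as commented-out code, so the `if $step >= 4` branch of the profile has no coverage at all. That branch builds the coordination URL from `hiera('gnocchi_redis_password')` and `hiera('redis_vip')`. If the hiera lookups named in the TODO are the only blocker, adding those two keys to spec/fixtures/hieradata/default.yaml (this change already adds `gnocchi::keystone::authtoken::password` there) may be enough to enable the contexts. Otherwise mark them `xcontext 'with step 4' do` so they appear as pending in the test report instead of being invisible dead code.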
@@ -13,18 +13,64 @@ # License for the specific language governing permissions and limitations # under the License. # +# Unit tests for tripleo::profile::base::sshd +# require 'spec_helper' describe 'tripleo::profile::base::sshd' do - context 'with banner configured' do - it do - is_expected.to contain_file('/etc/issue').with({ - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0600', - }) + shared_examples_for 'tripleo::profile::base::sshd' do + + context 'it should do nothing' do + it do + is_expected.to contain_class('ssh::server') + is_expected.to_not contain_file('/etc/issue') + is_expected.to_not contain_file('/etc/issue.net') + is_expected.to_not contain_file('/etc/motd') + end + end + + context 'with issue and issue.net configured' do + let(:params) {{ :bannertext => 'foo' }} + it do + is_expected.to contain_file('/etc/issue').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue.net').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to_not contain_file('/etc/motd') + end + end + + context 'with motd configured' do + let(:params) {{ :motd => 'foo' }} + it do + is_expected.to contain_file('/etc/motd').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to_not contain_file('/etc/issue') + is_expected.to_not contain_file('/etc/issue.net') + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let (:facts) { + facts + } + it_behaves_like 'tripleo::profile::base::sshd' end end end diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml index 592c308..94d2b28 100644 --- a/spec/fixtures/hieradata/default.yaml +++ b/spec/fixtures/hieradata/default.yaml 
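Review bot: The first context is named 'it should do nothing' but asserts `contain_class('ssh::server')`, so the description contradicts the expectation; `context 'with defaults' do` would describe it accurately. No context sets both `:bannertext` and `:motd`, so the case where all three files are managed together is untested. `let (:facts) {` has a space before the parenthesis, which Ruby reads as a grouped expression and warns about; write `let(:facts) { facts }`.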
@@ -24,6 +24,8 @@ ceph::profile::params::rgw_keystone_admin_password: 'keystone_admin_password' # cinder related items cinder::rabbit_password: 'password' cinder::keystone::authtoken::password: 'password' +# gnocchi related items +gnocchi::keystone::authtoken::password: 'password' # nova related items nova::rabbit_password: 'password' nova::keystone::authtoken::password: 'password' |